SSH It is an essential tool for system administrators and advanced users who need to establish secure and encrypted connections between remote devices. In Linux-based environments, such as Ubuntu, SSH allows you to access servers remotely, run commands and transfer files securely.
In this guide, you will learn from how to install and configure SSH on Ubuntu to how to improve its security and establish an efficient connection to remote servers. In addition, we will explain how to generate and use SSH keys for a more secure authentication.
What is SSH and what is it used for?
SSH (Secure Shell, link to Wikipedia) SSH is a network protocol that allows secure and encrypted connection between two devices. Its main advantage is that it encrypts the information transmitted, preventing third parties from intercepting it. SSH is widely used by system administrators to:
- Connect to remote servers in a safe way.
- Administrator files on servers without the need for a graphical interface.
- Run commands on remote computers.
- To transfer files securely with SCP or SFTP.
How to install and enable SSH on Ubuntu
In order to use SSH on Ubuntu, you must first install and enable the service. Follow these steps:
1. Update system packages
Before installing any package, it is advisable to make sure that your system is up to date. Open the terminal and run:
sudo apt update && sudo apt upgrade
2. Install the OpenSSH server
The SSH server in Ubuntu is called OpenSSH and is installed with the following command:
sudo apt install openssh-server
Once the installation, check that the service is active with:
sudo systemctl status ssh
If the service is running, you will see a message indicating that the SSH server is up.
3. Enable and start the SSH service
If the service has not been activated automatically, you can start it with:
sudo systemctl start ssh
To ensure that SSH starts automatically every time you reboot your system, run:
sudo systemctl enable ssh
Connect to a remote server using SSH
Once the SSH server is up, you can connect to it from another device using the following command:
ssh user@ip_address
For example, if your user is admin and the server has the IP 192.168.1.100, the command would be:
ssh admin@192.168.1.100
If the SSH port has been changed from the default (22) to another number, you must specify it with the parameter -p:
ssh -p 22022 admin@192.168.1.100
SSH Security: Best Practices
To protect your SSH server from unauthorized access, please consider the following recommendations:
1. Change the default port
El SSH default port is 22, but changing it can reduce automated attacks. To change it, edit the configuration file:
sudo nano / etc / ssh / sshd_config
Find the line that says #Port 22, remove the symbol # and change it to a custom port number:
Port 22022
Save changes and restart the SSH service:
sudo systemctl restart ssh
2. Disable root access
It is advisable to prevent the user from root can directly access the server via SSH. To do this, in the same configuration file /etc/ssh/sshd_config, find the line:
AllowRootLogin yes
Change it to:
PermitRootLogin on
Save changes and restart SSH.
3. Use SSH key authentication
The use of SSH keys instead of passwords significantly improves security. To generate a key pair on the client, run:
ssh-keygen -t rsa
Then transfer the public key to the server with:
ssh-copy-id user@ip_address
After this, you will be able to connect without entering a password.
Configure firewall for SSH
If you use UFW (Uncomplicated Firewall) On Ubuntu, you must allow SSH connections with:
sudo ufw allow ssh
If you have changed the SSH port, use the new port in the command:
sudo ufw allow 22022/tcp
How to disable or stop the SSH service
If at any time you want to temporarily stop SSH, use:
sudo systemctl stop ssh
To disable it from starting automatically at boot time:
sudo systemctl disable ssh
If you want to block SSH access at the firewall, run:
sudo ufw deny ssh
With these steps, you can securely manage an SSH server on Ubuntu. From installation and configuration to optimizing it for security, SSH is an essential tool in system administration. By following these best practices, you'll be able to connect to and manage your Ubuntu server remotely without compromising security.